Merge branch v3.3 into master

2025-01-08 11:29:59 +01:00 · 2025-01-08 11:29:59 +01:00 · b0a72960bc
commit b0a72960bc
parent 6d3a685d5a a57e118a1a
14 changed files with 172 additions and 24 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -3,11 +3,11 @@ PLEASE READ THIS MESSAGE.
 Documentation fixes or enhancements:
 - for Traefik v2: use branch v2.11
- for Traefik v3: use branch v3.2
+- for Traefik v3: use branch v3.3
 Bug fixes:
 - for Traefik v2: use branch v2.11
- for Traefik v3: use branch v3.2
+- for Traefik v3: use branch v3.3
 Enhancements:
 - for Traefik v2: we only accept bug fixes
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -15,11 +15,11 @@ env:
 jobs:
  build-webui:
-    if: github.ref_type == 'tag'
+    if: github.ref_type == 'tag' && github.repository == 'traefik/traefik'
    uses: ./.github/workflows/template-webui.yaml
  build:
-    if: github.ref_type == 'tag'
+    if: github.ref_type == 'tag' && github.repository == 'traefik/traefik'
    runs-on: ubuntu-latest
    strategy:
@ -80,7 +80,7 @@ jobs:
          retention-days: 1
  release:
-    if: github.ref_type == 'tag'
+    if: github.ref_type == 'tag' && github.repository == 'traefik/traefik'
    runs-on: ubuntu-latest
    needs:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,89 @@
 ## [v3.3.1](https://github.com/traefik/traefik/tree/v3.3.1) (2025-01-07)
 [All Commits](https://github.com/traefik/traefik/compare/v3.3.0...v3.3.1)
 **Bug fixes:**
 - **[websocket,server]** Disable http2 connect setting for websocket by default ([#11408](https://github.com/traefik/traefik/pull/11408) by [rtribotte](https://github.com/rtribotte))
 ## [v3.2.5](https://github.com/traefik/traefik/tree/v3.2.5) (2025-01-07)
 [All Commits](https://github.com/traefik/traefik/compare/v3.2.4...v3.2.5)
 **Bug fixes:**
 - **[websocket,server]** Disable http2 connect setting for websocket by default ([#11408](https://github.com/traefik/traefik/pull/11408) by [rtribotte](https://github.com/rtribotte))
 ## [v2.11.18](https://github.com/traefik/traefik/tree/v2.11.18) (2025-01-07)
 [All Commits](https://github.com/traefik/traefik/compare/v2.11.17...v2.11.18)
 **Bug fixes:**
 - **[websocket,server]** Disable http2 connect setting for websocket by default ([#11412](https://github.com/traefik/traefik/pull/11412) by [rtribotte](https://github.com/rtribotte))
 ## [v3.3.0](https://github.com/traefik/traefik/tree/v3.3.0) (2025-01-06)
 [All Commits](https://github.com/traefik/traefik/compare/v3.2.0-rc1...v3.3.0)
 **Enhancements:**
 - **[acme]** Add options to control ACME propagation checks ([#11241](https://github.com/traefik/traefik/pull/11241) by [ldez](https://github.com/ldez))
 - **[api]** Add support dump API endpoint ([#11328](https://github.com/traefik/traefik/pull/11328) by [mmatur](https://github.com/mmatur))
 - **[http]** Set Host header in HTTP provider request ([#11237](https://github.com/traefik/traefik/pull/11237) by [nikonhub](https://github.com/nikonhub))
 - **[k8s/crd,k8s]** Make the IngressRoute kind optional ([#11177](https://github.com/traefik/traefik/pull/11177) by [skirtan1](https://github.com/skirtan1))
 - **[k8s/ingress,sticky-session,k8s/crd,k8s]** Support serving endpoints ([#11121](https://github.com/traefik/traefik/pull/11121) by [BZValoche](https://github.com/BZValoche))
 - **[logs,accesslogs]** OpenTelemetry Logs and Access Logs ([#11319](https://github.com/traefik/traefik/pull/11319) by [rtribotte](https://github.com/rtribotte))
 - **[logs,accesslogs]** Add experimental flag for OTLP logs integration ([#11335](https://github.com/traefik/traefik/pull/11335) by [kevinpollet](https://github.com/kevinpollet))
 - **[metrics,tracing,accesslogs]** Manage observability at entrypoint and router level ([#11308](https://github.com/traefik/traefik/pull/11308) by [rtribotte](https://github.com/rtribotte))
 - **[middleware,authentication]** Add an option to preserve the ForwardAuth Server Location header ([#11318](https://github.com/traefik/traefik/pull/11318) by [Nelwhix](https://github.com/Nelwhix))
 - **[middleware,authentication]** Only calculate basic auth hashes once for concurrent requests ([#11143](https://github.com/traefik/traefik/pull/11143) by [michelheusschen](https://github.com/michelheusschen))
 - **[middleware,authentication]** Send request body to authorization server for forward auth ([#11097](https://github.com/traefik/traefik/pull/11097) by [kyo-ke](https://github.com/kyo-ke))
 - **[plugins]** Add AbortOnPluginFailure option to abort startup on plugin load failure ([#11228](https://github.com/traefik/traefik/pull/11228) by [bmagic](https://github.com/bmagic))
 - **[sticky-session]** Configurable path for sticky cookies ([#11166](https://github.com/traefik/traefik/pull/11166) by [IIpragmaII](https://github.com/IIpragmaII))
 - **[webui,api]** Configurable API &amp; Dashboard base path ([#11250](https://github.com/traefik/traefik/pull/11250) by [rtribotte](https://github.com/rtribotte))
 **Bug fixes:**
 - **[k8s/ingress,k8s/crd]** Fix fenced server status computation ([#11361](https://github.com/traefik/traefik/pull/11361) by [kevinpollet](https://github.com/kevinpollet))
 **Documentation:**
 - Prepare release v3.3.0-rc2 ([#11362](https://github.com/traefik/traefik/pull/11362) by [rtribotte](https://github.com/rtribotte))
 - Prepare Release v3.3.0-rc1 ([#11349](https://github.com/traefik/traefik/pull/11349) by [rtribotte](https://github.com/rtribotte))
 **Misc:**
 - Merge branch v3.2 into v3.3 ([#11402](https://github.com/traefik/traefik/pull/11402) by [kevinpollet](https://github.com/kevinpollet))
 - Merge branch v3.2 into v3.3 ([#11393](https://github.com/traefik/traefik/pull/11393) by [mmatur](https://github.com/mmatur))
 - Merge branch v3.2 into v3.3 ([#11389](https://github.com/traefik/traefik/pull/11389) by [mmatur](https://github.com/mmatur))
 - Merge branch v3.2 into v3.3 ([#11367](https://github.com/traefik/traefik/pull/11367) by [kevinpollet](https://github.com/kevinpollet))
 - Merge branch v3.2 into master ([#11340](https://github.com/traefik/traefik/pull/11340) by [kevinpollet](https://github.com/kevinpollet))
 - Merge branch v3.2 into master ([#11293](https://github.com/traefik/traefik/pull/11293) by [kevinpollet](https://github.com/kevinpollet))
 - Merge branch v3.2 into master ([#11239](https://github.com/traefik/traefik/pull/11239) by [kevinpollet](https://github.com/kevinpollet))
 - Merge branch v3.2 into master ([#11187](https://github.com/traefik/traefik/pull/11187) by [kevinpollet](https://github.com/kevinpollet))
 ## [v3.2.4](https://github.com/traefik/traefik/tree/v3.2.4) (2025-01-06)
 [All Commits](https://github.com/traefik/traefik/compare/v3.2.3...v3.2.4)
 **Bug fixes:**
 - **[k8s/gatewayapi]** Support empty value for core Kubernetes API group ([#11386](https://github.com/traefik/traefik/pull/11386) by [rtribotte](https://github.com/rtribotte))
 - **[tcp,k8s/crd]** Pass TLS bool from IngressRouteTCP to TCPService ([#11343](https://github.com/traefik/traefik/pull/11343) by [lipmem](https://github.com/lipmem))
 - **[tls]** Upgrade github.com/spiffe/go-spiffe/v2 to v2.4.0 ([#11385](https://github.com/traefik/traefik/pull/11385) by [mmatur](https://github.com/mmatur))
 - Remove duplicate github.com/coreos/go-systemd dependency ([#11354](https://github.com/traefik/traefik/pull/11354) by [Juneezee](https://github.com/Juneezee))
 **Documentation:**
 - **[k8s/gatewayapi]** Update Gateway API version support to v1.2.1 ([#11357](https://github.com/traefik/traefik/pull/11357) by [kevinpollet](https://github.com/kevinpollet))
 - Add @jnoordsij to maintainers ([#11352](https://github.com/traefik/traefik/pull/11352) by [emilevauge](https://github.com/emilevauge))
 **Misc:**
 - Merge branch v2.11 into v3.2 ([#11400](https://github.com/traefik/traefik/pull/11400) by [kevinpollet](https://github.com/kevinpollet))
 - Merge branch v2.11 into v3.2 ([#11392](https://github.com/traefik/traefik/pull/11392) by [rtribotte](https://github.com/rtribotte))
 - Merge branch v2.11 into v3.2 ([#11388](https://github.com/traefik/traefik/pull/11388) by [mmatur](https://github.com/mmatur))
 - Merge branch v2.11 into v3.2 ([#11366](https://github.com/traefik/traefik/pull/11366) by [kevinpollet](https://github.com/kevinpollet))
 ## [v2.11.17](https://github.com/traefik/traefik/tree/v2.11.17) (2025-01-06)
 [All Commits](https://github.com/traefik/traefik/compare/v2.11.16...v2.11.17)
 **Bug fixes:**
 - **[acme]** Update go-acme/lego to v4.21.0 ([#11368](https://github.com/traefik/traefik/pull/11368) by [ldez](https://github.com/ldez))
 - **[middleware]** Fix typo in basicauth note ([#11397](https://github.com/traefik/traefik/pull/11397) by [tieje](https://github.com/tieje))
 - **[service]** Configure ErrorLog in httputil.ReverseProxy ([#11344](https://github.com/traefik/traefik/pull/11344) by [peacewalker122](https://github.com/peacewalker122))
 - Bump golang.org/x/net to v0.33.0 ([#11365](https://github.com/traefik/traefik/pull/11365) by [kevinpollet](https://github.com/kevinpollet))
 **Documentation:**
 - **[acme]** Fix allowACMEByPass TOML example ([#11370](https://github.com/traefik/traefik/pull/11370) by [hannesbraun](https://github.com/hannesbraun))
 - **[k8s/crd]** Update copyright for 2025 ([#11383](https://github.com/traefik/traefik/pull/11383) by [kevinpollet](https://github.com/kevinpollet))
 ## [v3.3.0-rc2](https://github.com/traefik/traefik/tree/v3.3.0-rc2) (2024-12-20)
 [All Commits](https://github.com/traefik/traefik/compare/v3.3.0-rc1...v3.3.0-rc2)
--- a/cmd/traefik/traefik.go
+++ b/cmd/traefik/traefik.go
@ -26,6 +26,7 @@ import (
 	"github.com/traefik/traefik/v3/cmd"
 	"github.com/traefik/traefik/v3/cmd/healthcheck"
 	cmdVersion "github.com/traefik/traefik/v3/cmd/version"
 	_ "github.com/traefik/traefik/v3/init"
 	tcli "github.com/traefik/traefik/v3/pkg/cli"
 	"github.com/traefik/traefik/v3/pkg/collector"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
--- a/docs/content/deprecation/releases.md
+++ b/docs/content/deprecation/releases.md
@ -6,7 +6,8 @@ Below is a non-exhaustive list of versions and their maintenance status:
 | Version | Release Date | Community Support  |  
 |---------|--------------|--------------------|
-| 3.2     | Oct 28, 2024 | Yes                |
+| 3.3     | Jan 06, 2025 | Yes                |
 | 3.2     | Oct 28, 2024 | Ended Jan 06, 2025 |
 | 3.1     | Jul 15, 2024 | Ended Oct 28, 2024 |
 | 3.0     | Apr 29, 2024 | Ended Jul 15, 2024 |
 | 2.11    | Feb 12, 2024 | Ends  Apr 29, 2025 |
--- a/docs/content/middlewares/http/basicauth.md
+++ b/docs/content/middlewares/http/basicauth.md
@ -21,7 +21,7 @@ The BasicAuth middleware grants access to services to authorized users only.
 # To create user:password pair, it's possible to use this command:
 # echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
 #
-# Also note that dollar signs should NOT be doubled when they not evaluated (e.g. Ansible docker_container module).
+# Also note that dollar signs should NOT be doubled when they are not being evaluated (e.g. Ansible docker_container module).
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
 ```
--- a/docs/content/migration/v3.md
+++ b/docs/content/migration/v3.md
@ -173,7 +173,7 @@ please use the `traefik.swarm.network` and `traefik.swarm.lbswarm` labels instea
 ### ACME DNS Certificate Resolver
 In `v3.3`, the `acme.dnsChallenge.delaybeforecheck` and `acme.dnsChallenge.disablepropagationcheck` options of the ACME certificate resolver are deprecated, 
-please use respectively `acme.dnsChallenge.propagation.delayBeforeCheck` and `acme.dnsChallenge.propagation.disableAllChecks` options instead.
+please use respectively `acme.dnsChallenge.propagation.delayBeforeChecks` and `acme.dnsChallenge.propagation.disableAllChecks` options instead.
 ### Tracing Global Attributes
--- a/init/init.go
+++ b/init/init.go
@ -0,0 +1,21 @@
 package init
 import (
 	"os"
 	"strings"
 )
 // This makes use of the GODEBUG flag `http2xconnect` to deactivate the connect setting for HTTP2 by default.
 // This type of upgrade is yet incompatible with `net/http` http1 reverse proxy.
 // Please see https://github.com/golang/go/issues/71128#issuecomment-2574193636.
 func init() {
 	goDebug := os.Getenv("GODEBUG")
 	if strings.Contains(goDebug, "http2xconnect") {
 		return
 	}
 	if len(goDebug) > 0 {
 		goDebug += ","
 	}
 	os.Setenv("GODEBUG", goDebug+"http2xconnect=0")
 }
--- a/integration/websocket_test.go
+++ b/integration/websocket_test.go
@ -16,6 +16,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
 	"github.com/traefik/traefik/v3/integration/try"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/websocket"
 )
@ -451,6 +452,44 @@ func (s *WebsocketSuite) TestSSLhttp2() {
 	assert.Equal(s.T(), "OK", string(msg))
 }
 func (s *WebsocketSuite) TestSettingEnableConnectProtocol() {
 	file := s.adaptFile("fixtures/websocket/config_https.toml", struct {
 		WebsocketServer string
 	}{
 		WebsocketServer: "http://127.0.0.1",
 	})
 	s.traefikCmd(withConfigFile(file), "--log.level=DEBUG", "--accesslog")
 	// Wait for traefik.
 	err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("127.0.0.1"))
 	require.NoError(s.T(), err)
 	// Add client self-signed cert.
 	roots := x509.NewCertPool()
 	certContent, err := os.ReadFile("./resources/tls/local.cert")
 	require.NoError(s.T(), err)
 	roots.AppendCertsFromPEM(certContent)
 	// Open a connection to inspect SettingsFrame.
 	conn, err := tls.Dial("tcp", "127.0.0.1:8000", &tls.Config{
 		RootCAs:    roots,
 		NextProtos: []string{"h2"},
 	})
 	require.NoError(s.T(), err)
 	framer := http2.NewFramer(nil, conn)
 	frame, err := framer.ReadFrame()
 	require.NoError(s.T(), err)
 	fr, ok := frame.(*http2.SettingsFrame)
 	require.True(s.T(), ok)
 	_, ok = fr.Value(http2.SettingEnableConnectProtocol)
 	assert.False(s.T(), ok)
 }
 func (s *WebsocketSuite) TestHeaderAreForwarded() {
 	upgrader := gorillawebsocket.Upgrader{} // use default options
--- a/pkg/config/static/static_config.go
+++ b/pkg/config/static/static_config.go
@ -331,7 +331,7 @@ func (c *Configuration) SetEffectiveConfiguration() {
 		}
 		if resolver.ACME.DNSChallenge.DelayBeforeCheck > 0 {
-			log.Warn().Msgf("delayBeforeCheck is now deprecated, please use propagation.delayBeforeCheck instead.")
+			log.Warn().Msgf("delayBeforeCheck is now deprecated, please use propagation.delayBeforeChecks instead.")
 			if resolver.ACME.DNSChallenge.Propagation == nil {
 				resolver.ACME.DNSChallenge.Propagation = &acmeprovider.Propagation{}
--- a/pkg/provider/acme/provider.go
+++ b/pkg/provider/acme/provider.go
@ -89,7 +89,7 @@ type DNSChallenge struct {
 	Resolvers   []string     `description:"Use following DNS servers to resolve the FQDN authority." json:"resolvers,omitempty" toml:"resolvers,omitempty" yaml:"resolvers,omitempty"`
 	Propagation *Propagation `description:"DNS propagation checks configuration" json:"propagation,omitempty" toml:"propagation,omitempty" yaml:"propagation,omitempty"  label:"allowEmpty" file:"allowEmpty" export:"true"`
-	// Deprecated: please use Propagation.DelayBeforeCheck instead.
+	// Deprecated: please use Propagation.DelayBeforeChecks instead.
 	DelayBeforeCheck ptypes.Duration `description:"(Deprecated) Assume DNS propagates after a delay in seconds rather than finding and querying nameservers." json:"delayBeforeCheck,omitempty" toml:"delayBeforeCheck,omitempty" yaml:"delayBeforeCheck,omitempty" export:"true"`
 	// Deprecated: please use Propagation.DisableAllChecks instead.
 	DisablePropagationCheck bool `description:"(Deprecated) Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended]" json:"disablePropagationCheck,omitempty" toml:"disablePropagationCheck,omitempty" yaml:"disablePropagationCheck,omitempty" export:"true"`
--- a/script/gcg/traefik-bugfix.toml
+++ b/script/gcg/traefik-bugfix.toml
@ -4,11 +4,11 @@ RepositoryName = "traefik"
 OutputType = "file"
 FileName = "traefik_changelog.md"
-# example new bugfix v3.2.3
+# example new bugfix v3.3.1
-CurrentRef = "v3.2"
+CurrentRef = "v3.3"
-PreviousRef = "v3.2.2"
+PreviousRef = "v3.3.0"
-BaseBranch = "v3.2"
+BaseBranch = "v3.3"
-FutureCurrentRefName = "v3.2.3"
+FutureCurrentRefName = "v3.3.1"
 ThresholdPreviousRef = 10
 ThresholdCurrentRef = 10
--- a/script/gcg/traefik-final-release-part1.toml
+++ b/script/gcg/traefik-final-release-part1.toml
@ -4,11 +4,11 @@ RepositoryName = "traefik"
 OutputType = "file"
 FileName = "traefik_changelog.md"
-# example final release of v3.2.0
+# example final release of v3.3.0
-CurrentRef = "v3.2"
+CurrentRef = "v3.3"
-PreviousRef = "v3.2.0-rc1"
+PreviousRef = "v3.3.0-rc1"
-BaseBranch = "v3.2"
+BaseBranch = "v3.3"
-FutureCurrentRefName = "v3.2.0"
+FutureCurrentRefName = "v3.3.0"
 ThresholdPreviousRef = 10
 ThresholdCurrentRef = 10
--- a/script/gcg/traefik-final-release-part2.toml
+++ b/script/gcg/traefik-final-release-part2.toml
@ -4,11 +4,11 @@ RepositoryName = "traefik"
 OutputType = "file"
 FileName = "traefik_changelog.md"
-# example final release of v3.2.0
+# example final release of v3.3.0
-CurrentRef = "v3.2.0-rc1"
+CurrentRef = "v3.3.0-rc1"
-PreviousRef = "v3.1.0-rc1"
+PreviousRef = "v3.2.0-rc1"
 BaseBranch = "master"
-FutureCurrentRefName = "v3.2.0-rc1"
+FutureCurrentRefName = "v3.3.0"
 ThresholdPreviousRef = 10
 ThresholdCurrentRef = 10